Then you can't use privacy secret on WAN, as you're actually being assigned an IP. And if it was randomly assigned, then it's private anyways.
That information is contained in the Wiki too. Feel free to review the documentation.
Just in case there was a misunderstanding - I noted reqprefix
Why do you want a privacy-enabled address on the WAN interface anyways?
Whether clients in your LAN use Privacy-Extensions or Stable-Secret-Addresses is up to the clients. OpenWrt doesn't do this. OpenWrt just announces a prefix to your LAN. The clients will assign addresses according to this.
Although I'm not he OP, one good reason I can think of - is so the the device cannot be identified due to an EUI64 address.
Yes, I meant to reply to OP.
Anyway, looking at the original post, @daiaji doesn't want PE on the OpenWrt. At least that's what I derive from the firewall rule. He wants people to access his web server which is a LAN client behind OpenWrt. He seems to be under the impression that OpenWrt handles the assignment of IPv6 addresses for clients.
Furthermore, if the WAN-IPv6 of the OpenWrt box is assigned by DHCPv6/PPPoE, it won't contain the MAC address anyways.
